Easy one, can be download here.
Following is a very simple walkthrough.
Scan ports, find 22 and 80.
Open Port 80, a chat service.
Username has sql injection. So burpsuite capture the post data, and use sqlmap to dump databases.(User temp is registered by me.)
Ssh login with this username and password. But the username:password pair is in different order.
After ssh in, find five users in /home folder. Su to nona.
Sudo -l, user nano can run lynx.
Run lynx, open file:///root, read the root flag.